8239960

Method for Network Traffic Mirroring with Data Privacy

Published: August 7, 2012
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
26 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for providing data privacy of mirrored network traffic during mirroring between a mirror source point and a mirror destination point, the method comprising: receiving a plurality of units of network traffic representing one or more streams of network traffic at a mirror source point of a first network device on a network; altering, by the mirror source point, one or more of the plurality of units received from a first data source point remotely located from the mirror source point for transmission toward a first data destination point, the altering of the one or more units providing privacy for at least a portion of selected data of the one or more units during at least a portion of mirroring communications from the mirror source point toward a mirror destination point; and communicating, by the mirror source point, the one or more altered units of network traffic from the mirror source point toward the mirror destination point.

2. The method of claim 1, wherein the altering of the one or more units of network traffic comprises: encrypting the one or more unit; and encapsulating the encrypted one or more units in a tunneling protocol communicated from the mirror source point.

3. The method of claim 1, wherein the altering of the one or more units of network traffic comprises: encrypting the portion of the selected data of the one or more units; and encapsulating the partially encrypted one or more units in a non-tunneling protocol communicated from the mirror source point.

4. The method of claim 3, wherein the encrypting of the portion of the selected data comprises: encrypting at least a value of one of the following: a field of the one or more units associated with a network protocol layer of the one or more units, a field of the one or more units associated with an application protocol layer of the one or more units, and a field of a protocol layer of the one or more units above the transport protocol layer.

5. The method of claim 1, wherein the altering of the one or more units of network traffic comprises: replacing the portion of the selected data of the one or more units with at least one of a random binary pattern or a predefined binary pattern.

6. The method of claim 1, wherein the altering of the one or more units of network traffic comprises: replacing the portion of the selected data of the one or more units with the portion of the selected data scrambled via a mathematical operation.

7. The method of claim 1, wherein the altering of the one or more units of network traffic comprises: at least one of blanking or scrambling the portion of the selected data of the one or more units located beyond an offset determined by the mirror source point from a protocol type identified by the one or more units.

8. The method of claim 1, wherein the altering of the one or more units of network traffic comprises: deleting the portion of the selected data from the one or more units; and modifying the one or more units to comprise a valid length unit for communications from the mirror source point.

9. The method of claim 1, wherein the mirror destination point is associated with a network device accessible over the network via one or more of the following: a network relay device, a network entry device, a network segment, a transmission medium, and a public network.

10. The method of claim 1, wherein the first network device comprises the mirror destination point.

11. The method of claim 1, wherein the portion of the selected data of the one or more units comprises a communication of one or more users of the network.

12. The method of claim 1, further comprising: receiving an instruction to mirror the one or more units of network traffic to the mirror destination point; and communicating, by the mirror source point, the one or more altered units of network traffic toward the mirror destination point upon receiving the instruction.

13. The method of claim 1, further comprising: altering, by the mirror source point, a second set of one or more units of network traffic received from a second data source point remotely located from the mirror source point for transmission toward a second data destination point, the altering of the second set of units providing privacy for at least a portion of selected data of the second set of units during at least a portion of mirroring communications from the mirror source point toward the mirror destination point; and communicating, by the mirror source point, the second set of altered units of network traffic from the mirror source point toward the mirror destination point.

14. A network device for providing data privacy of mirrored network traffic during mirroring between a mirror source point and a mirror destination point, the network device comprising: a mirror source point associated with a port on a network for receiving a plurality of units of network traffic representing one or more streams of network traffic; a privacy mechanism for altering one or more of the plurality of units received from a first data source point remotely located from the mirror source point for transmission toward a first data destination point, the altering of the one or more units providing privacy for at least a portion of selected data of the one or more units during at least a portion of mirroring communications from the mirror source point toward a mirror destination point; and a network interface for communicating the one or more altered units of network traffic from the mirror source point toward at least one of the mirror destination point or a mirror receiving device.

15. The network device of claim 14, wherein the mirror source point is connected to at least one of a port of a second network device configured to mirror network traffic or a network tapping device.

16. The network device of claim 14, wherein the network interface communicates the one or more altered units via at least one of a second port of the network device or the port associated with the mirror source point.

17. The network device of claim 14, wherein the privacy mechanism encrypts the one or more units and encapsulates the encrypted one or more units in a tunneling protocol communicated via the network interface.

18. The network device of claim 14, wherein the privacy mechanism encrypts the portion of the selected data of the one or more units and encapsulates the partially encrypted one or more units in a non-tunneling protocol communicated via the network interface.

19. The network device of claim 18, wherein the privacy mechanism encrypts a value of a field of the one or more units associated with at least one of a network protocol layer of the one or more units, application protocol layer of the one or more units or a protocol layer of the one or more units above the transport protocol layer.

20. The network device of claim 14, wherein the privacy mechanism replaces the portion of the selected data of the one or more units with at least one of a random binary pattern or a predefined binary pattern.

21. The network device of claim 14, wherein the privacy mechanism replaces the portion of the selected data of the one or more units with the portion of the selected data scrambled via a mathematical operation.

22. The network device of claim 14, wherein the privacy mechanism provides for at least one of blanking or scrambling the portion of the selected data of the one or more units located beyond an offset determined by the mirror source point from a protocol type identified by the one or more units.

23. The network device of claim 14, wherein the privacy mechanism deletes the portion of the selected data from the one or more units and modifies the one or more units to comprise a valid length unit for communications via the network interface.

24. The network device of claim 14, wherein the mirror destination point is associated with a network device accessible over the network via one or more of the following: a network relay device, a network entry device, a network segment, a transmission medium, and a public network.

25. The network device of claim 14, wherein the network device comprises the mirror destination point.

26. The network device of claim 14, wherein the network device comprises the mirror destination point.
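
As an added illustration (not part of the patent or of any implementation by its inventors), the sketch below shows the alterations described in claims 5/20, 7/22 and 8/23 applied at a mirror source: the payload offset is derived from the protocol types in the frame, and data past it is either overwritten with a predefined pattern or deleted with the IPv4 length fields rewritten. All function names and the sample frame are hypothetical, and only Ethernet II, IPv4, TCP and UDP are assumed.

```python
import struct

ETH_LEN, IPV4, TCP, UDP = 14, 0x0800, 6, 17

def payload_offset(frame: bytes) -> int:
    """Offset where headers end, derived from the protocol types the frame identifies."""
    if len(frame) < ETH_LEN + 20 or struct.unpack("!H", frame[12:14])[0] != IPV4:
        return min(ETH_LEN, len(frame))      # unknown type: keep the Ethernet header only
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    l4 = ETH_LEN + ihl
    if ihl < 20 or len(frame) < l4:
        return ETH_LEN                       # malformed IPv4 header: fail closed
    proto = frame[ETH_LEN + 9]
    if proto == TCP and len(frame) >= l4 + 20:   # TCP header length comes from data offset
        return min(l4 + max((frame[l4 + 12] >> 4) * 4, 20), len(frame))
    if proto == UDP and len(frame) >= l4 + 8:
        return l4 + 8
    return l4                                # other IP protocols: keep the IP header only

def blank(frame: bytes, pattern: bytes = b"\x00") -> bytes:
    """Overwrite data past the offset with a predefined pattern (L4 checksum not redone)."""
    off = payload_offset(frame)
    n = len(frame) - off
    return frame[:off] + (pattern * (n // len(pattern) + 1))[:n]

def ip_checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def truncate(frame: bytes) -> bytes:
    """Delete data past the offset and rewrite IPv4 (and UDP) lengths so they stay valid."""
    off = payload_offset(frame)
    out = bytearray(frame[:off])
    if off > ETH_LEN:                        # an IPv4 header was parsed
        ihl = (out[ETH_LEN] & 0x0F) * 4
        struct.pack_into("!H", out, ETH_LEN + 2, off - ETH_LEN)   # new total length
        out[ETH_LEN + 10:ETH_LEN + 12] = b"\x00\x00"              # zero, then recompute
        struct.pack_into("!H", out, ETH_LEN + 10, ip_checksum(bytes(out[ETH_LEN:ETH_LEN + ihl])))
        if out[ETH_LEN + 9] == UDP and off == ETH_LEN + ihl + 8:
            struct.pack_into("!H", out, ETH_LEN + ihl + 4, 8)     # UDP length: header only
    return bytes(out)

def sample_frame(payload: bytes = b"user=alice&pin=1234") -> bytes:
    """Constructed Ethernet/IPv4/TCP frame used only as test input."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 1024, 0, 0)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, TCP, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])))
    struct.pack_into("!H", ip, 10, ip_checksum(bytes(ip)))
    return b"\x02" + bytes(5) + b"\x02" + bytes(5) + struct.pack("!H", IPV4) + bytes(ip) + tcp + payload
```

A blanked frame keeps its original length, so a collector can still compute volume statistics; the truncated form trades that for a smaller mirror stream.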

Patent Metadata

Filing Date

Unknown

Publication Date

August 7, 2012

Inventors

David E. FRATTURA
Richard W. Graham
John Roese


Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “METHOD FOR NETWORK TRAFFIC MIRRORING WITH DATA PRIVACY” (8239960). https://patentable.app/patents/8239960
